Details
- Type: Sub-task
- Status: Resolved
- Priority: Major
- Resolution: Fixed
Description
As part of HDDS-2174 we delete the GDPR encryption key on the delete-file operation.
However, if KMS is enabled, the GDPR encryption key approach is skipped when writing a file to a GDPR-enforced bucket, because the KMS path takes precedence:
```java
final FileEncryptionInfo feInfo = keyOutputStream.getFileEncryptionInfo();
if (feInfo != null) {
  // KMS is enabled for this bucket: wrap the stream with the KMS-derived DEK.
  KeyProvider.KeyVersion decrypted = getDEK(feInfo);
  final CryptoOutputStream cryptoOut = new CryptoOutputStream(keyOutputStream,
      OzoneKMSUtil.getCryptoCodec(conf, feInfo), decrypted.getMaterial(),
      feInfo.getIV());
  return new OzoneOutputStream(cryptoOut);
} else {
  // KMS is not enabled: only now is the GDPR symmetric key considered.
  try {
    GDPRSymmetricKey gk;
    Map<String, String> openKeyMetadata = openKey.getKeyInfo().getMetadata();
    if (Boolean.valueOf(openKeyMetadata.get(OzoneConsts.GDPR_FLAG))) {
      gk = new GDPRSymmetricKey(
          openKeyMetadata.get(OzoneConsts.GDPR_SECRET),
          openKeyMetadata.get(OzoneConsts.GDPR_ALGORITHM));
      gk.getCipher().init(Cipher.ENCRYPT_MODE, gk.getSecretKey());
      return new OzoneOutputStream(
          new CipherOutputStream(keyOutputStream, gk.getCipher()));
    }
  } catch (Exception ex) {
    throw new IOException(ex);
  }
}
```
In such a scenario, when KMS is enabled and GDPR is enforced on a bucket, if a user deletes a file we should remove the FileEncryptionInfo from the KeyInfo before moving it to deletedTable; otherwise the deleted record still carries the material needed to decrypt the data, and we cannot guarantee the Right to Erasure.
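To make the gap concrete, here is an added stand-alone Python model (not Ozone's code) of the record that moves to deletedTable for both write paths: with only the HDDS-2174 scrubbing, a KMS-encrypted key in a GDPR bucket still carries its FileEncryptionInfo after deletion, and clearing it as well is what this issue requires. The simplified KeyInfo shape, the function names and the metadata string values are assumptions.

```python
"""Stand-alone model (not Ozone code) of the OM delete path for a
GDPR-enforced bucket; KeyInfo, FileEncryptionInfo and deletedTable are
simplified. Metadata key names follow the OzoneConsts names used in the
issue; their string values are assumptions."""
import copy
from dataclasses import dataclass, field
from typing import Dict, Optional

GDPR_FLAG = "gdprEnabled"     # OzoneConsts.GDPR_FLAG (value assumed)
GDPR_SECRET = "secret"        # OzoneConsts.GDPR_SECRET (value assumed)
GDPR_ALGORITHM = "algorithm"  # OzoneConsts.GDPR_ALGORITHM (value assumed)

@dataclass
class FileEncryptionInfo:
    """What the KMS path stores with a key: the EDEK, IV and KMS key name."""
    edek: bytes
    iv: bytes
    key_name: str

@dataclass
class KeyInfo:
    name: str
    metadata: Dict[str, str] = field(default_factory=dict)
    enc_info: Optional[FileEncryptionInfo] = None

def encryption_path(key: KeyInfo) -> str:
    """Mirror the write-path precedence in the issue: KMS wins over GDPR."""
    if key.enc_info is not None:
        return "KMS"
    if key.metadata.get(GDPR_FLAG) == "true":
        return "GDPR"
    return "NONE"

def holds_key_material(key: KeyInfo) -> bool:
    """True if the record still allows the data key to be reconstructed."""
    return key.enc_info is not None or GDPR_SECRET in key.metadata

def to_deleted_table(key: KeyInfo, clear_fe_info: bool) -> KeyInfo:
    """Build the record moved to deletedTable. clear_fe_info=False models
    HDDS-2174 alone (only the GDPR secret is scrubbed); True adds the
    FileEncryptionInfo removal this issue asks for."""
    rec = copy.deepcopy(key)
    if rec.metadata.get(GDPR_FLAG) == "true":
        rec.metadata.pop(GDPR_SECRET, None)
        rec.metadata.pop(GDPR_ALGORITHM, None)
        if clear_fe_info:
            rec.enc_info = None
    return rec
```

Keys outside a GDPR-enforced bucket are left untouched on purpose; the erasure guarantee applies only where the flag is set.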